12 Jul 2018

Best Practices for Storing Passwords in Database

Let's see what the best way is to store passwords in the database and how well-known platforms solve this problem.

Plaintext

When there was a passwords' storing problem, the first idea was to write them openly in the corresponding table in the database. It would be a good idea if clients could not access the table with passwords directly. But, unfortunately, the well-known SQL injection still sometimes works in various web applications, not to mention other potential vulnerabilities. In security matters, it is customary to assume the worst and prepare a plan of action and defense precisely for such a case. It should be assumed that the attacker has already found a hole in the web application and, in one way or other, downloads a table with the logins and passwords of users…

Read More
02 Jul 2018

WPA3: Weak Passwords Became More Secure

On June 25, 2018, WiFi Alliance officially introduced the certification program for Wi-Fi CERTIFIED WPA3. This is the first security update for Wi-Fi for the last 14 years.

According to the alliance, WPA3 (Wi-Fi Protected Access 3) “adds new features to simplify Wi-Fi security, providing more reliable authentication, increasing cryptographic strength for highly sensitive data markets and ensuring the fault tolerance of critical networks”. WPA3 key features:

  • The latest cryptographic protocol are used;
  • Obsolete protocols are prohibited;
  • Function of protecting control frames from PMF compromise (Protected Management Frames) is mandatory.

Since Wi-Fi networks have different needs for use and security, WPA3, like WPA2, offers…

Read More
06 Jun 2018

Why Does the Error of Unsupported File Format Occur?

Uploading file to our site, in some cases you may see the error message: “Unsupported file format or file is not password protected.” We have been often asked why such an error may appear even for a valid document protected with a password. So we decided to write an article, answering the question, to save some time, both yours and ours.

Imagine you have a password-protected document, which we officially support. For example, MS Word or PDF file. You upload it to our site and see the error message we are talking about.

And it's not a software crash or a problem with your file. The fact is that even seemingly identical files may have different internal structure. For example, a *.xlsx file may be a document of MS Office 2007, 2010, 2013 or later versions. Mind, that each…

Read More
01 Jun 2018

What is Brute Force?

Some guys wonder what brute force is and whether it is possible to recover the password if the password database search run has failed and the original password structure is unknown. So, we answer the question.

So, what is brute force?

Strictly speaking, brute force is a serial search through all possible passwords of the specified length using certain symbols. In most cases, passwords consist of Latin alphanumeric characters: that is a set of characters from 0-9, a-z, A-Z. Sometimes people add to it special characters that can be typed on the keyboard: ~!@"#$% , and others. Usually, it is a set of 90-100 characters.

During brute force attack, we first sort through all single-character passwords and then compare the received hash with the reference one to determine…

Read More
12 Mar 2018

PKZIP Format is Added

Dear users, today we have great news for you. We finally befriended PKZIP format, and are pleased to bring to your attention the password recovery option of Zip archives with PKZIP compression.

For those who are not aware: PKZIP is one of the compression algorithms used in *.zip files. But it is not just one of the algorithms, but the de facto standard for Zip archives. Here is just the list of some main libraries and programs using PKZIP for data compression:

  • zlib and gzip libraries;
  • WinRar;
  • 7z;
  • Built-in support for Zip in Windows OS;
  • Old versions of WinZip.

Our internal statistics show that PKZIP compression is used in more than 80% of all Zip archives. Why did we not add it earlier? It is not a…

Read More
06 Feb 2018

The “admin:password” Problem: Standard Passwords Helped to Create a Botnet From Almost 400,000 IoT Devices

The source code for a large IoT Mirai botnet components was published in early October 2016. It was known that there were mainly IoT devices in the botnet, including CCTV and DVR, almost 400,000 devices — extremely powerful botnet for DDoS attacks.

Screenshot of the forum Hackforums, where was published a message with links to the source code of the botnet

We saw at least two major attacks through Mirai botnet: Brian Krebs’ website was subjected to DDoS attack at speed of about 620 Gb/s; the French OVH hosting provider underwent an even more powerful DDoS attack of 1 Tb/s.

Botnet’s logic of spreading and devices’ infection indicates that digital cameras or IoT were not initially the target of its creators. They focused on finding connected to the Internet devices…

Read More
27 Jan 2018

A Brief History of Passwords

The 9/11 attack on the World Trade Center towers killed 658 employees of the Cantor Fitzgerald financial company. Its chief executive, Howard Lutnick, lost his brother that day and also ran into an unprecedented problem. The company’s servers, including the backup ones, were buried under the rubble, but it was not the case: the financial information was partially available but under the hundreds of deceased colleagues password-protected accounts. To hack those accounts Microsoft specialists were called for help, and they used their powerful servers for the fastest brute force: the data was the company's life or death question, and it had to be recovered before the first after the attacks trade opening. The personal data of the deceased colleagues could speed up hacking, so Lutnick had…

Read More
15 Dec 2017

The Most Popular Passwords

In 2016 the TeamsID company published its annual list of the top 25 most common passwords found on the web, using data leaks. So “password” for a personal password lost its leading position, slipping to the second place, and at the first place now is “123456”.

A list of frequently used passwords shows that many people still prefer to run a risk by using weak, easy-to-guess passwords. Most common passwords in the TOP-10 are “qwerty”, “football” and “login” keep their places for years.

Another interesting aspect of the last year's list, is that there are short numerical passwords, although site administrators are starting to implement strict password policies (minimum length, for example). Still, there are on the list simple and easy-to-guess passwords like “1234” at the…

Read More

Copyright © 2017-2018 LostMyPass.com

Top